Intel has not only been downplaying the performance impacts of the fixes, but the financial impacts as well, even going so far as to say the flaws will have no material impact on the company’s finances. That is rather amazing: billions of products sold with two fundamental security flaws that need urgent correction and the result isn’t seen as being material. It leads to the question of what would need to happen for an IT security issue to become material, not only to Intel, but to all U.S. corporations.

The IT security breach most in the U.S. news media before the Intel et al. chip flaw was the Equifax breach, where the personal credit information of some 145 million Americans was compromised. That breach, along with others at health insurance company Anthem and retailer Target, spurred the U.S. Congress to hold multiple hearings, with politicians on both sides of the aisle promising that new laws would be quickly passed to force companies to protect citizens’ private data. I hope you didn’t hold your breath waiting for that to happen.

The only major proposed legislation so far is that offered last week by Senators Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) that would hold large credit card companies accountable for data breaches of consumer information. They propose that the companies would face “a base penalty of $100 for each consumer who had one piece of personal identifying information (PII) compromised and another $50 for each additional PII compromised per consumer,” according to their press release.

The likelihood of the proposed legislation being passed is about zero. No one should be surprised, either. The current administration isn’t particularly interested in increasing business regulation; to be fair, given the numerous past massive data breaches, previous administrations, both Republican and Democrat, weren’t overly aggressive in applying the plethora of existing legislation to penalize companies for data breaches.

Even though U.S. government regulators routinely wimp out, one would think that the numerous class action lawsuits filed after a data breach would at least incentivize companies to take cybersecurity seriously. Anthem, for instance, agreed to pay $115 million to settle breach-related lawsuits against it. And then there are the stock market hits to consider as well, right?

Well, it turns out that even successful lawsuits (and many are not) and hits to a company’s share price inflict very little long-term damage after the initial crisis occurs. Even then, the total impact to a company’s bottom line is usually not material. The financial hit of Target’s 2013 data breach turned out to be only about 0.1 percent of its 2014 sales, hardly an incentive to change corporate behavior.

Back in 2004, security expert Bruce Schneier wrote a thoughtful essay for IEEE Computer titled “Hacking the Business Climate for Network Security,” in which he argued persuasively that “Real security improvement will only come through liability: holding software manufacturers accountable for the security and, more generally, the quality of their products.” His argument seems to have been taken more seriously in Europe than in the U.S., however.

In May, the EU’s General Data Protection Regulation (GDPR) takes effect. The GDPR is meant to force companies to take EU citizens’ privacy and security concerns seriously. The incentives are the very significant financial penalties incurred for breaching its regulations, such as by not reporting a data breach within 72 hours of its discovery. GDPR fines can range up to 4 percent of annual global turnover or €20 million (whichever is greater). That has, to say the least, gotten the attention of everyone doing business in the EU, especially U.S. tech companies.